
Governance, Risk & Compliance

Using ISO 27001, ISO 20000 & ISO 22301

Sharing the Leading Best Practices in One Project


Agenda
• Introduction
• The components of Good Governance
– ISO 27001 – Protecting the Information
– ISO 20000 – Ensuring the Best IT Service Management
– ISO 22301 – Ensuring the Continuity of the Business
• Checklist
• Conclusion
GRC
Importance of GRC

• GRC projects are a must for various reasons


• GRC has crossed V1 speed.
Three Important Components of IT
What is Governance?
What is the Solution?
The Solution

Explore Standards
Gartner Hype Cycle

Managing the Expectations

Gartner’s View

Selecting Top 3 Standards for Comprehensive Coverage
Comprehensive Governance Coverage
Information Security and ISO 27001

The must-have standard.


What is ISO 27001?

• ISO 27001 is the standard for Information Security


• Two parts
– ISO 27001: Specifications
– ISO 27002: Code of Practice
• Uniqueness of ISO 27001
– Standard
– 114 Annex A controls
ISO 27001
ISO 27000 Series

• Anxiously waiting for…


– 27000: Fundamentals and Vocabulary
– 27001: ISMS auditable and certifiable requirements
– 27002: Replaced ISO 17799
– 27003: ISMS Implementation Guidelines
– 27004: ISMS Measurement
– 27005: ISMS Risk Management
– 27006: Guide to the certification/registration process for accredited ISMS certification/registration bodies
– 27007: Guidance for those auditing Information Security Management Systems against ISO 27001
– 27031: Information security management guidelines for telecommunications
ISO 20000 for (IT) Service Management System
ISO 20000
ITIL V3.0
ITIL

• It is all about the ‘Service’


• IT is recognized as a ‘Service Provider’
– To be more specific, IT is the service provider to its customers, the business users
Based on the Deming Cycle
Deming Cycle

• William Edwards Deming


– (October 14, 1900 – December 20, 1993) was a statistician.
– Best known for his work in Japan.
– From 1950 onward he taught top management how to improve
• Design (and thus service),
• Product quality,
• Testing and s
ISO 22301 for Business Continuity Management
Importance of BCM
What is a Disaster?
Storage Recovery Strategy
In Summary
Fast Track Implementation
No Standardization Is No Excuse
Thank You!